archives

Scar de Courcier

Scar de Courcier is Senior Editor at Forensic Focus.
Scar de Courcier has written 165 posts for Forensic Focus – Articles

How To Read A Moving Low-Quality License Plate Using Amped FIVE’s Perspective Stabilization And Perspective Super Resolution

Thanks to TV series and movies, people nowadays believe that when it comes to digital images and videos, everything is possible. Some of you may remember the “never-ending enhance” sequence in Blade Runner or the magic zoom they have in CSI. Then we turn to reality, where cameras with poor components, coupled with Digital Video … Continue reading

From Crime To Court: Review Principles For UK Disclosure

by Hans Henseler UK Law Enforcement agencies are facing significant challenges related to digital evidence disclosure in criminal prosecution cases. Suspects who are charged with a crime must have access to all relevant evidence to ensure a fair trial, even if the evidence can undermine the prosecution. To avoid disclosure errors and ensure that digital … Continue reading

The Opportunity In The Crisis: ICS Malware Digital Forensics And Incident Response

by Christa Miller, Forensic Focus Malware aimed at industrial control systems (ICS) is nothing new. Nearly 10 years have passed since Stuxnet first targeted the supervisory control and data acquisition (SCADA) systems and programmable logic controllers (PLCs) associated with centrifuges in Iran’s nuclear program. Since then, Havex, BlackEnergy 2, and Crash Override / Industroyer have … Continue reading

Leveraging DKIM In Email Forensics

by Arman Gungor My last article was about using the Content-Length header field in email forensics. While the Content-Length header is very useful, it has a couple of major shortcomings: Most email messages do not have the Content-Length header field populated If the suspect is aware of this data point, the integer value in the Content-Length header … Continue reading

How To Image To A Network Repository With Logicube’s Forensic Falcon-NEO

Welcome to Logicube’s tutorial on the Falcon-NEO forensic imager. The Falcon-NEO allows you to image directly to or from a network repository using SMB or CIFS protocol, or using iSCSI. Two 10GbE ports provide extremely fast network imaging performance. In this episode we’ll show you how to image from a physical drive connected to the … Continue reading

Facebook’s Privacy Manifesto: What Does It Mean For Digital Forensic Investigations?

by Christa Miller, Forensic Focus Mark Zuckerberg’s new “privacy manifesto” for Facebook marks not just a pivot in terms of how the social network shapes modern-day communication. It also marks what The Verge’s Casey Newton called “the end of the News Feed era.”  Zuckerberg’s opening statement draws a distinction between the “digital equivalent of a … Continue reading

How To Image From A Network Repository Using Logicube’s Forensic Falcon-NEO

Welcome to Logicube’s tutorial on the Falcon-NEO Forensic Imager. The Falcon-NEO allows you to image directly to or from a network repository using SMB or CIFS protocol, and to image from a network location using iSCSI. Two 10GbE ports provide extremely fast network imaging performance. In this episode, we’ll show you how to image from … Continue reading

Following The RTM: Forensic Examination Of A Computer Infected With A Banking Trojan

by Oleg Skulkin  Researchers became aware of the activities of the RTM group in December 2015. Since then, phishing emails distributing the trojan have been sent to potential victims with admirable persistence. From September to December 2018 the RTM group sent out more than 11,000 malicious emails. The cybercriminals, however, are not going to stop … Continue reading

Walkthrough: Carving With Belkasoft Evidence Center

by Yuri Gubanov, Danil Nikolaev & Igor Mikhailov © Belkasoft Research Carving is an irreplaceable technique widely used in data recovery and digital forensics. By using carving, we essentially perform a low-level scan of media for various artifacts, looking for signatures—specific sequences of bytes, characteristic of different types of data. This also means that carving … Continue reading

Mobile Virtual Network Operators (MVNOs) In The US

by Patrick Siewart  Increasingly, cellular records and their associated location information are being used in civil litigation, where previously they were considered to be a “law enforcement only” tool.  But in the age when users carry at least one smartphone with them at all times, the location data with regard to calls / texts / … Continue reading

Windows Registry Analysis 101

by Chirath De Alwis Computer forensics is the process of methodically examining computer media (hard disks, diskettes, tapes, etc.) for evidence [1].  When considering computer forensics, registry forensics plays a huge role because of the amount of the data that is stored on the registry and the importance of the stored data. The extraction of … Continue reading

Techno Security And Digital Forensics Conference CA 2019 – Recap

by Mattia Epifani The Techno Security and Forensics CA conference took place between 11th and 13th March at The Hilton Torrey Pines in La Jolla (San Diego). More than 200 attendees were present, coming from different fields like digital forensics, e-discovery, incident response and cybersecurity. Most of the attendees were from the U.S. but many … Continue reading

Career Paths In Digital Forensics

by Christa Miller, Forensic Focus In the 30 or so years since the advent of personal computers made digital forensics a viable career path, the profession has matured to the extent of making multiple career paths possible. Now, professionals who are interested in digital forensics have options that range from law enforcement and government investigations, … Continue reading

Using The Content-Length Header Field In Email Forensics

by Arman Gungor As forensic examiners, we often have to analyze emails in isolation without the benefit of server metadata, neighbor messages, or data from other sources such as workstations. When authenticating an email in isolation, every detail counts—we review a long list of data points such as formatting discrepancies within the message body, dates hidden in … Continue reading

Forensics Europe Expo London 2019 – Recap

by Jade James  This article is a recap of some of the main highlights from the Forensics Europe Expo 2019, which took place in London, UK on the 5th and 6th of March. The Forensics Europe Expo has now run for seven years and is co-located with the Security & Counter Terror Expo at Olympia … Continue reading

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 1,234 other followers